Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2018-1000654

Negligible priority

Some fixes available 1 of 8

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long...

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3 Not in release Not in release Not in release Not in release Not in release
libtasn1-6 Not affected Not affected Not affected Needs evaluation Fixed
Show less packages

CVE-2018-6003

Medium priority
Fixed

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3 Not in release
libtasn1-6 Fixed
Show less packages

CVE-2017-10790

Low priority

Some fixes available 2 of 4

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to...

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3 Not in release Not in release Not in release
libtasn1-6 Not affected Not affected Fixed
Show less packages

CVE-2017-6891

Medium priority
Fixed

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file...

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3 Not in release
libtasn1-6 Fixed
Show less packages

CVE-2016-4008

Medium priority
Fixed

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3 Not in release
libtasn1-6 Fixed
Show less packages

CVE-2015-3622

Medium priority
Fixed

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3
libtasn1-6
Show less packages

CVE-2015-2806

Medium priority
Fixed

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3
libtasn1-6
Show less packages

CVE-2014-3469

Medium priority

Some fixes available 3 of 5

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3
libtasn1-6
Show less packages

CVE-2014-3468

Medium priority

Some fixes available 3 of 5

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3
libtasn1-6
Show less packages

CVE-2014-3467

Medium priority

Some fixes available 3 of 5

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

2 affected packages

libtasn1-3, libtasn1-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libtasn1-3
libtasn1-6
Show less packages